pr-comments

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly fetches and ingests user-generated PR review content from third-party GitHub endpoints (e.g., Step 2: gh api repos/{owner}/{repo}/pulls/{pr_number}/comments, issues/{pr_number}/comments, and reviews) and then reads and acts on those comments to decide fixes, accept suggestions, post replies, commit changes, and resolve threads (Steps 5–12), which meets the criteria for indirect prompt-injection exposure.